35 matches found
EUVD-2026-17966
A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographic key . The attack must be carried out locally. This attack is characterized by high complexity...
CVE-2026-4824
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...
CVE-2026-27069 WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.7.2...
CVE-2026-27069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through = 8.7.2...
EUVD-2026-1859
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
CVE-2025-68066 WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through = 8.7.0...
CVE-2025-36118
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...
CVE-2025-62930
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through = 8.7.22...
CVE-2025-62930 WordPress MapSVG plugin <= 8.7.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through = 8.7.22...
CVE-2025-62930
CVE-2025-62930 concerns WordPress MapSVG plugin MapsVG-Lite-Interactive-Vector-Maps. Affected software: MapSVG (MapsVG) – Vector maps, Image maps, Google Maps; vulnerable component: mapsvg-lite-interactive-vector-maps. Root cause: improper neutralization/validation of input during web page genera...
curl: Buffer Overflow in WebSocket Handshake (lib/ws.c:1287)
Summary: Buffer overflow vulnerability in curl's WebSocket implementation due to unsafe use of strcpy in the handshake process. The vulnerability is located at lib/ws.c:1287 where strcpykeyval, randstr is called without proper bounds checking, despite having a bounds check earlier in the code. AI...
CVE-2025-36120 IBM Storage Virtualize privilege escalation
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources...
WordPress plugin Soledad 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2024-33683
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue arises from the way SuiteCRM checks PHP scripts against a blacklist of functions and methods to prevent the installation of malicious MLPs. However, thi...
LDAP Account Manager Injection Vulnerability
LDAP Account Manager is a web front-end for managing entries e.g. users, groups, DHCP settings stored in LDAP directories. A security vulnerability exists in LDAP Account Manager LAM versions prior to 8.7, which stems from a logging configuration that allows arbitrary paths to be specified for lo...
PT-2024-14034 · Hypr · Hypr Workforce Access
Name of the Vulnerable Software and Affected Versions: HYPR Workforce Access versions prior to 8.7 Description: The issue is related to an Improper Input Validation vulnerability in HYPR Workforce Access on Windows, which allows Path Traversal. Recommendations: For versions prior to 8.7, update t...
CVE-2023-30735
Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant...
eNdonesia SQL注入漏洞
endonesia eNdonesia is an all-in-one social tool from endonesia. A security vulnerability exists in eNdonesia version 8.7, which stems from an SQL injection in diskusi.php that allows an attacker to execute arbitrary SQL commands via the rid= parameter...
PT-2023-26037 · Unknown · Intergard Sgs
Name of the Vulnerable Software and Affected Versions: Intergard SGS version 8.7.0 Description: A vulnerability has been found in the Change Password Handler component, which can be exploited to cause a denial of service. The attack can be launched remotely. The vendor was contacted about this...
Intergard SGS 授权问题漏洞
Intergard SGS is a security appliance from Brazilian company Intergard. An authorization issue vulnerability exists in Intergard SGS version 8.7.0, which stems from the presence of unknown functionality in the application, resulting in a privilege issue...